预览加载中,请您耐心等待几秒...
1/10
2/10
3/10
4/10
5/10
6/10
7/10
8/10
9/10
10/10

亲,该文档总共11页,到这已经超出免费预览范围,如果喜欢就直接下载吧~

如果您无法下载资料,请参考说明:

1、部分资料下载需要金币,请确保您的账户上有足够的金币

2、已购买过的文档,再次下载不重复扣费

3、资料包下载后请先用软件解压,在使用对应软件打开

华为USG防火墙VPN配置(完整版) (文档可以直接使用,也可根据实际需要修改使用,可编辑欢迎下载) 华为防火墙IPsecVPN配置(固定IP)—用户上网NAT及IPsecVPN互联分支 实验目的 华为USG防火墙基础配置 USG防火墙nat和no-nat USG防火墙ipsecvpn USG防火墙vpn域间策略配置 实验拓扑 实验步骤 总部FW1配置 [SRG-1]discurr 09:52:592021/06/03 # stpregion-configuration region-namef0eee215704f activeregion-configuration # aclnumber3000 rule5permitip # aclnumber3001 rule5permitip rule10denyip # ikeproposal1 encryption-algorithm3des-cbc dhgroup2 # ikeproposal20 encryption-algorithm3des-cbc dhgroup2 # ikepeerpeer-1 pre-shared-key%$%$8Sji"9(OW'^^{e*K{G{LmaXO%$%$ ike-proposal1 remote-address # ikepeerpeer-2 pre-shared-key%$%$6FI@MW!b]<]!Jn~95}kOovmd%$%$ ike-proposal20 remote-address # ipsecproposalzongbu1 espauthentication-algorithmsha1 espencryption-algorithm3des # ipsecproposalzongbu2 espauthentication-algorithmsha1 espencryption-algorithm3des # ipsecpolicymap110isakmp securityacl3000 ike-peerpeer-1 proposalzongbu1 # ipsecpolicymap120isakmp securityacl3001 ike-peerpeer-2 proposalzongbu2 # interfaceGigabitEthernet0/0/0 aliasGE0/MGMT ip # interfaceGigabitEthernet0/0/1 ip ipsecpolicymap1 # interfaceGigabitEthernet0/0/2 # interfaceGigabitEthernet0/0/8 # interfaceNULL0 aliasNULL0 # firewallzonelocal setpriority100 # firewallzonetrust setpriority85 addinterfaceGigabitEthernet0/0/0 # firewallzoneuntrust setpriority5 addinterfaceGigabitEthernet0/0/1 # firewallzonedmz setpriority50 # aaa local-useradminpasswordcipher%$%$"35x2@Oa>TCDEQ&pEBW4jA8/%$%$ local-useradminservice-typewebterminaltelnet local-useradminlevel15 authentication-schemedefault # authorization-schemedefault # accounting-schemedefault # domaindefault # nqa-jittertag-version1 # ip # bannerenable # user-interfacecon0 authentication-modenone user-interfacevty04 authentication-modenone protocolinboundall # slb # right-managerserver-group # sysnameSRG-1 # l2tpdomainsuffix-separator@ # ikelocal-namezongbu # firewallpacket-filterdefaultpermitinterzonelocaltrustdirectioninbound firewallpacket-filterdefaultpermitinterzonelocaltrustdirectionoutbound fire